Rust Cargo
2 CVEs affecting Rust Cargo. Latest disclosed: 2026-05-25. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-5222 | Medium | 6.5 | 2026-05-25 | Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple r… |
CVE-2019-16760 | Medium | 4.6 | 2019-09-30 | Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rena… |